@boxyhq/saml-jackson 1.33.0 → 1.33.1-beta.1

package/dist/src/controller/setup-link.js

@@ -0,0 +1,462 @@
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+import * as dbutils from '../db/utils';
+import { IndexNames, validateTenantAndProduct, validateRedirectUrl, extractRedirectUrls } from './utils';
+import crypto from 'crypto';
+import { JacksonError } from './error';
+const throwIfInvalidService = (service) => {
+    if (!['sso', 'dsync'].includes(service)) {
+        throw new JacksonError('Invalid service provided. Supported values are: sso, dsync', 400);
+    }
+};
+const calculateExpiryTimestamp = (expiryDays) => {
+    const currentTimestamp = Date.now();
+    return currentTimestamp + expiryDays * 24 * 60 * 60 * 1000;
+};
+/**
+ * @swagger
+ * definitions:
+ *   SetupLink:
+ *      type: object
+ *      properties:
+ *        setupID:
+ *          type: string
+ *          description: Setup link ID
+ *        tenant:
+ *          type: string
+ *          description: Tenant
+ *        product:
+ *          type: string
+ *          description: Product
+ *        validTill:
+ *          type: string
+ *          description: Valid till timestamp
+ *        url:
+ *          type: string
+ *          description: Setup link URL
+ */
+export class SetupLinkController {
+    constructor({ setupLinkStore, opts }) {
+        this.setupLinkStore = setupLinkStore;
+        this.opts = opts;
+    }
+    /**
+     * @swagger
+     * definitions:
+     *    SetupLink:
+     *      type: object
+     *      example:
+     *        {
+     *        	"data": {
+     *        		"setupID": "0689f76f7b5aa22f00381a124cb4b153fc1a8c08",
+     *        		"tenant": "acme",
+     *        		"product": "my-app",
+     *        		"service": "sso",
+     *        		"validTill": 1689849146690,
+     *        		"url": "http://localhost:5225/setup/0b96a483ebfe0af0b561dda35a96647074d944631ff9e070"
+     *        	}
+     *        }
+     * parameters:
+     *   tenantParamPost:
+     *     name: tenant
+     *     description: Tenant
+     *     in: formData
+     *     required: true
+     *     type: string
+     *   productParamPost:
+     *     name: product
+     *     description: Product
+     *     in: formData
+     *     required: true
+     *     type: string
+     *   defaultRedirectUrlParamPost:
+     *     name: defaultRedirectUrl
+     *     description: The redirect URL to use in the IdP login flow
+     *     in: formData
+     *     type: string
+     *     required: true
+     *   redirectUrlParamPost:
+     *     name: redirectUrl
+     *     description: JSON encoded array containing a list of allowed redirect URLs
+     *     in: formData
+     *     type: string
+     *     required: true
+     *   webhookUrlParamPost:
+     *     name: webhook_url
+     *     description: The URL to send the directory sync events to
+     *     in: formData
+     *     type: string
+     *     required: true
+     *   webhookSecretParamPost:
+     *     name: webhook_secret
+     *     description: The secret to sign the directory sync events
+     *     in: formData
+     *     type: string
+     *     required: true
+     *   nameParamPost:
+     *     name: name
+     *     description: Name of connection
+     *     in: formData
+     *     type: string
+     *     required: false
+     *   expiryDaysParamPost:
+     *     name: expiryDays
+     *     description: Days in number for the setup link to expire
+     *     default: 3
+     *     in: formData
+     *     type: number
+     *     required: false
+     *   regenerateParamPost:
+     *     name: regenerate
+     *     description: If passed as true, it will remove the existing setup link and create a new one.
+     *     in: formData
+     *     default: false
+     *     type: boolean
+     *     required: false
+     * /api/v1/sso/setuplinks:
+     *   post:
+     *    summary: Create a Setup Link
+     *    operationId: create-sso-setup-link
+     *    tags: [Setup Links | Single Sign On]
+     *    produces:
+     *      - application/json
+     *    consumes:
+     *      - application/x-www-form-urlencoded
+     *      - application/json
+     *    parameters:
+     *      - $ref: '#/parameters/nameParamPost'
+     *      - $ref: '#/parameters/tenantParamPost'
+     *      - $ref: '#/parameters/productParamPost'
+     *      - $ref: '#/parameters/defaultRedirectUrlParamPost'
+     *      - $ref: '#/parameters/redirectUrlParamPost'
+     *      - $ref: '#/parameters/expiryDaysParamPost'
+     *      - $ref: '#/parameters/regenerateParamPost'
+     *    responses:
+     *      200:
+     *        description: Success
+     *        schema:
+     *          $ref:  '#/definitions/SetupLink'
+     * /api/v1/dsync/setuplinks:
+     *   post:
+     *    summary: Create a Setup Link
+     *    operationId: create-dsync-setup-link
+     *    tags: [Setup Links | Directory Sync]
+     *    produces:
+     *      - application/json
+     *    consumes:
+     *      - application/x-www-form-urlencoded
+     *      - application/json
+     *    parameters:
+     *      - $ref: '#/parameters/nameParamPost'
+     *      - $ref: '#/parameters/tenantParamPost'
+     *      - $ref: '#/parameters/productParamPost'
+     *      - $ref: '#/parameters/webhookUrlParamPost'
+     *      - $ref: '#/parameters/webhookSecretParamPost'
+     *      - $ref: '#/parameters/expiryDaysParamPost'
+     *      - $ref: '#/parameters/regenerateParamPost'
+     *    responses:
+     *      200:
+     *        description: Success
+     *        schema:
+     *          $ref:  '#/definitions/SetupLink'
+     */
+    create(body) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const { name, tenant, product, service, expiryDays, regenerate } = body;
+            validateTenantAndProduct(tenant, product);
+            throwIfInvalidService(service);
+            if (!tenant || !product) {
+                throw new JacksonError('Must provide tenant and product', 400);
+            }
+            if (service === 'sso') {
+                const { defaultRedirectUrl, redirectUrl } = body;
+                if (!defaultRedirectUrl || !redirectUrl) {
+                    throw new JacksonError('Must provide defaultRedirectUrl and redirectUrl', 400);
+                }
+                validateRedirectUrl({ defaultRedirectUrl, redirectUrlList: extractRedirectUrls(redirectUrl || '') });
+            }
+            else if (service === 'dsync') {
+                const { webhook_url, webhook_secret } = body;
+                if (!webhook_url || !webhook_secret) {
+                    throw new JacksonError('Must provide webhook_url and webhook_secret', 400);
+                }
+            }
+            const existing = (yield this.setupLinkStore.getByIndex({
+                name: IndexNames.TenantProductService,
+                value: dbutils.keyFromParts(tenant, product, service),
+            })).data;
+            if (existing.length > 0 && !regenerate && !this.isExpired(existing[0])) {
+                return existing[0];
+            }
+            // Remove the existing setup link if regenerate is true
+            if (existing.length > 0 && regenerate) {
+                yield this.setupLinkStore.delete(existing[0].setupID);
+            }
+            const token = crypto.randomBytes(24).toString('hex');
+            const expiryInDays = typeof expiryDays === 'number' && expiryDays > 0 ? expiryDays : this.opts.setupLinkExpiryDays || 3;
+            const setupID = dbutils.keyDigest(dbutils.keyFromParts(tenant, product, service));
+            const setupLink = {
+                setupID,
+                tenant,
+                product,
+                service,
+                name,
+                validTill: calculateExpiryTimestamp(expiryInDays),
+                url: `${this.opts.externalUrl}/setup/${token}`,
+            };
+            if (service === 'sso') {
+                const { defaultRedirectUrl, redirectUrl, description } = body;
+                setupLink.defaultRedirectUrl = defaultRedirectUrl;
+                setupLink.redirectUrl = redirectUrl;
+                setupLink.description = description || '';
+            }
+            else if (service === 'dsync') {
+                const { webhook_url, webhook_secret } = body;
+                setupLink.webhook_url = webhook_url;
+                setupLink.webhook_secret = webhook_secret;
+            }
+            yield this.setupLinkStore.put(setupID, setupLink, {
+                name: IndexNames.SetupToken,
+                value: token,
+            }, {
+                name: IndexNames.TenantProductService,
+                value: dbutils.keyFromParts(tenant, product, service),
+            }, {
+                name: IndexNames.Service,
+                value: service,
+            }, {
+                name: IndexNames.ProductService,
+                value: dbutils.keyFromParts(product, service),
+            });
+            return setupLink;
+        });
+    }
+    // Get a setup link by token
+    getByToken(token) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (!token) {
+                throw new JacksonError('Missing setup link token', 400);
+            }
+            const setupLink = (yield this.setupLinkStore.getByIndex({
+                name: IndexNames.SetupToken,
+                value: token,
+            })).data;
+            if (!setupLink || setupLink.length === 0) {
+                throw new JacksonError('Setup link is not found', 404);
+            }
+            if (this.isExpired(setupLink[0])) {
+                throw new JacksonError('Setup link is expired', 401);
+            }
+            return setupLink[0];
+        });
+    }
+    /**
+     * @swagger
+     * parameters:
+     *   setupLinkId:
+     *     name: id
+     *     description: Setup link ID
+     *     in: query
+     *     required: false
+     *     type: string
+     * /api/v1/sso/setuplinks:
+     *   delete:
+     *     summary: Delete the Setup Link
+     *     parameters:
+     *       - $ref: '#/parameters/tenantParamGet'
+     *       - $ref: '#/parameters/productParamGet'
+     *       - $ref: '#/parameters/setupLinkId'
+     *     operationId: delete-sso-setup-link
+     *     tags: [Setup Links | Single Sign On]
+     *     responses:
+     *      200:
+     *        description: Success
+     *        schema:
+     *          type: object
+     *          example:
+     *           {
+     *             data: {}
+     *           }
+     * /api/v1/dsync/setuplinks:
+     *   delete:
+     *     summary: Delete the Setup Link
+     *     parameters:
+     *       - $ref: '#/parameters/tenantParamGet'
+     *       - $ref: '#/parameters/productParamGet'
+     *       - $ref: '#/parameters/setupLinkId'
+     *     operationId: delete-dsync-setup-link
+     *     tags: [Setup Links | Directory Sync]
+     *     responses:
+     *      200:
+     *        description: Success
+     *        schema:
+     *          type: object
+     *          example:
+     *           {
+     *             data: {}
+     *           }
+     */
+    remove(params) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if ('id' in params) {
+                yield this.setupLinkStore.delete(params.id);
+                return;
+            }
+            if ('service' in params && 'tenant' in params && 'product' in params) {
+                const { data: setupLinks } = yield this.filterBy({
+                    service: params.service,
+                    tenant: params.tenant,
+                    product: params.product,
+                });
+                yield this.remove({ id: setupLinks[0].setupID });
+            }
+        });
+    }
+    // Check if a setup link is expired or not
+    isExpired(setupLink) {
+        return setupLink.validTill < +new Date();
+    }
+    /**
+     * @swagger
+     * parameters:
+     *   tenantParamGet:
+     *     name: tenant
+     *     description: Tenant
+     *     in: query
+     *     required: true
+     *     type: string
+     *   productParamGet:
+     *     name: product
+     *     description: Product
+     *     in: query
+     *     required: true
+     *     type: string
+     * /api/v1/sso/setuplinks/product:
+     *   get:
+     *     summary: Get the Setup Links by product
+     *     parameters:
+     *       - $ref: '#/parameters/productParamGet'
+     *       - $ref: '#/parameters/pageOffset'
+     *       - $ref: '#/parameters/pageLimit'
+     *       - $ref: '#/parameters/pageToken'
+     *     operationId: get-sso-setup-link-by-product
+     *     tags: [Setup Links | Single Sign On]
+     *     responses:
+     *      200:
+     *        description: Success
+     *        schema:
+     *          type: array
+     *          items:
+     *            $ref:  '#/definitions/SetupLink'
+     * /api/v1/dsync/setuplinks/product:
+     *   get:
+     *     summary: Get the Setup Links by product
+     *     parameters:
+     *       - $ref: '#/parameters/productParamGet'
+     *       - $ref: '#/parameters/pageOffset'
+     *       - $ref: '#/parameters/pageLimit'
+     *       - $ref: '#/parameters/pageToken'
+     *     operationId: get-dsync-setup-link-by-product
+     *     tags: [Setup Links | Directory Sync]
+     *     responses:
+     *      200:
+     *        description: Success
+     *        schema:
+     *          type: array
+     *          items:
+     *            $ref:  '#/definitions/SetupLink'
+     */
+    filterBy(params) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const { tenant, product, service, pageOffset, pageLimit, pageToken } = params;
+            let index = null;
+            // By tenant + product + service
+            if (tenant && product && service) {
+                index = {
+                    name: IndexNames.TenantProductService,
+                    value: dbutils.keyFromParts(tenant, product, service),
+                };
+            }
+            // By product + service
+            else if (product && service) {
+                index = {
+                    name: IndexNames.ProductService,
+                    value: dbutils.keyFromParts(product, service),
+                };
+            }
+            // By service
+            else if (service) {
+                index = {
+                    name: IndexNames.Service,
+                    value: service,
+                };
+            }
+            if (!index) {
+                throw new JacksonError('Please provide either service or product to filter setup links', 400);
+            }
+            const { data: setupLinks, pageToken: nextPageToken } = yield this.setupLinkStore.getByIndex(index, pageOffset, pageLimit, pageToken);
+            if (index.name === IndexNames.TenantProductService && setupLinks.length === 0) {
+                throw new JacksonError('Setup link is not found', 404);
+            }
+            return { data: setupLinks, pageToken: nextPageToken };
+        });
+    }
+    /**
+     * @swagger
+     * parameters:
+     *   idParamGet:
+     *     name: id
+     *     description: Setup Link ID
+     *     in: query
+     *     required: false
+     *     type: string
+     * /api/v1/sso/setuplinks:
+     *   get:
+     *     summary: Get the Setup Link
+     *     parameters:
+     *       - $ref: '#/parameters/tenantParamGet'
+     *       - $ref: '#/parameters/productParamGet'
+     *       - $ref: '#/parameters/idParamGet'
+     *     operationId: get-sso-setup-link
+     *     tags: [Setup Links | Single Sign On]
+     *     responses:
+     *      200:
+     *        description: Success
+     *        schema:
+     *          $ref:  '#/definitions/SetupLink'
+     * /api/v1/dsync/setuplinks:
+     *   get:
+     *     summary: Get the Setup Link
+     *     parameters:
+     *       - $ref: '#/parameters/tenantParamGet'
+     *       - $ref: '#/parameters/productParamGet'
+     *       - $ref: '#/parameters/idParamGet'
+     *     operationId: get-dsync-setup-link
+     *     tags: [Setup Links | Directory Sync]
+     *     responses:
+     *      200:
+     *        description: Success
+     *        schema:
+     *          $ref:  '#/definitions/SetupLink'
+     */
+    get(id) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (!id) {
+                throw new JacksonError('Missing setup link id', 400);
+            }
+            const setupLink = yield this.setupLinkStore.get(id);
+            if (!setupLink) {
+                throw new JacksonError('Setup link is not found', 404);
+            }
+            return setupLink;
+        });
+    }
+}
+//# sourceMappingURL=setup-link.js.map

package/dist/src/controller/setup-link.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"setup-link.js","sourceRoot":"","sources":["../../../src/controller/setup-link.ts"],"names":[],"mappings":";;;;;;;;;AASA,OAAO,KAAK,OAAO,MAAM,aAAa,CAAC;AACvC,OAAO,EAAE,UAAU,EAAE,wBAAwB,EAAE,mBAAmB,EAAE,mBAAmB,EAAE,MAAM,SAAS,CAAC;AACzG,OAAO,MAAM,MAAM,QAAQ,CAAC;AAC5B,OAAO,EAAE,YAAY,EAAE,MAAM,SAAS,CAAC;AAkBvC,MAAM,qBAAqB,GAAG,CAAC,OAAe,EAAE,EAAE;IAChD,IAAI,CAAC,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC,QAAQ,CAAC,OAAO,CAAC,EAAE,CAAC;QACxC,MAAM,IAAI,YAAY,CAAC,4DAA4D,EAAE,GAAG,CAAC,CAAC;IAC5F,CAAC;AACH,CAAC,CAAC;AAEF,MAAM,wBAAwB,GAAG,CAAC,UAAkB,EAAU,EAAE;IAC9D,MAAM,gBAAgB,GAAG,IAAI,CAAC,GAAG,EAAE,CAAC;IACpC,OAAO,gBAAgB,GAAG,UAAU,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAC7D,CAAC,CAAC;AAEF;;;;;;;;;;;;;;;;;;;;;GAqBG;AACH,MAAM,OAAO,mBAAmB;IAI9B,YAAY,EAAE,cAAc,EAAE,IAAI,EAAE;QAClC,IAAI,CAAC,cAAc,GAAG,cAAc,CAAC;QACrC,IAAI,CAAC,IAAI,GAAG,IAAI,CAAC;IACnB,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAuHG;IACG,MAAM,CAAC,IAA4B;;YACvC,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,UAAU,EAAE,GAAG,IAAI,CAAC;YAExE,wBAAwB,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;YAC1C,qBAAqB,CAAC,OAAO,CAAC,CAAC;YAE/B,IAAI,CAAC,MAAM,IAAI,CAAC,OAAO,EAAE,CAAC;gBACxB,MAAM,IAAI,YAAY,CAAC,iCAAiC,EAAE,GAAG,CAAC,CAAC;YACjE,CAAC;YAED,IAAI,OAAO,KAAK,KAAK,EAAE,CAAC;gBACtB,MAAM,EAAE,kBAAkB,EAAE,WAAW,EAAE,GAAG,IAAI,CAAC;gBAEjD,IAAI,CAAC,kBAAkB,IAAI,CAAC,WAAW,EAAE,CAAC;oBACxC,MAAM,IAAI,YAAY,CAAC,iDAAiD,EAAE,GAAG,CAAC,CAAC;gBACjF,CAAC;gBAED,mBAAmB,CAAC,EAAE,kBAAkB,EAAE,eAAe,EAAE,mBAAmB,CAAC,WAAW,IAAI,EAAE,CAAC,EAAE,CAAC,CAAC;YACvG,CAAC;iBAAM,IAAI,OAAO,KAAK,OAAO,EAAE,CAAC;gBAC/B,MAAM,EAAE,WAAW,EAAE,cAAc,EAAE,GAAG,IAAI,CAAC;gBAE7C,IAAI,CAAC,WAAW,IAAI,CAAC,cAAc,EAAE,CAAC;oBACpC,MAAM,IAAI,YAAY,CAAC,6CAA6C,EAAE,GAAG,CAAC,CAAC;gBAC7E,CAAC;YACH,CAAC;YAED,MAAM,QAAQ,GAAgB,CAC5B,MAAM,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC;gBACnC,IAAI,EAAE,UAAU,CAAC,oBAAoB;gBACrC,KAAK,EAAE,OAAO,CAAC,YAAY,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC;aACtD,CAAC,CACH,CAAC,IAAI,CAAC;YAEP,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,IAAI,CAAC,UAAU,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBACvE,OAAO,QAAQ,CAAC,CAAC,CAAC,CAAC;YACrB,CAAC;YAED,uDAAuD;YACvD,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,IAAI,UAAU,EAAE,CAAC;gBACtC,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;YACxD,CAAC;YAED,MAAM,KAAK,GAAG,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC;YACrD,MAAM,YAAY,GAChB,OAAO,UAAU,KAAK,QAAQ,IAAI,UAAU,GAAG,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,mBAAmB,IAAI,CAAC,CAAC;YACrG,MAAM,OAAO,GAAG,OAAO,CAAC,SAAS,CAAC,OAAO,CAAC,YAAY,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;YAElF,MAAM,SAAS,GAAc;gBAC3B,OAAO;gBACP,MAAM;gBACN,OAAO;gBACP,OAAO;gBACP,IAAI;gBACJ,SAAS,EAAE,wBAAwB,CAAC,YAAY,CAAC;gBACjD,GAAG,EAAE,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,UAAU,KAAK,EAAE;aAC/C,CAAC;YAEF,IAAI,OAAO,KAAK,KAAK,EAAE,CAAC;gBACtB,MAAM,EAAE,kBAAkB,EAAE,WAAW,EAAE,WAAW,EAAE,GAAG,IAAI,CAAC;gBAC9D,SAAS,CAAC,kBAAkB,GAAG,kBAAkB,CAAC;gBAClD,SAAS,CAAC,WAAW,GAAG,WAAW,CAAC;gBACpC,SAAS,CAAC,WAAW,GAAG,WAAW,IAAI,EAAE,CAAC;YAC5C,CAAC;iBAAM,IAAI,OAAO,KAAK,OAAO,EAAE,CAAC;gBAC/B,MAAM,EAAE,WAAW,EAAE,cAAc,EAAE,GAAG,IAAI,CAAC;gBAC7C,SAAS,CAAC,WAAW,GAAG,WAAW,CAAC;gBACpC,SAAS,CAAC,cAAc,GAAG,cAAc,CAAC;YAC5C,CAAC;YAED,MAAM,IAAI,CAAC,cAAc,CAAC,GAAG,CAC3B,OAAO,EACP,SAAS,EACT;gBACE,IAAI,EAAE,UAAU,CAAC,UAAU;gBAC3B,KAAK,EAAE,KAAK;aACb,EACD;gBACE,IAAI,EAAE,UAAU,CAAC,oBAAoB;gBACrC,KAAK,EAAE,OAAO,CAAC,YAAY,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC;aACtD,EACD;gBACE,IAAI,EAAE,UAAU,CAAC,OAAO;gBACxB,KAAK,EAAE,OAAO;aACf,EACD;gBACE,IAAI,EAAE,UAAU,CAAC,cAAc;gBAC/B,KAAK,EAAE,OAAO,CAAC,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC;aAC9C,CACF,CAAC;YAEF,OAAO,SAAS,CAAC;QACnB,CAAC;KAAA;IAED,4BAA4B;IACtB,UAAU,CAAC,KAAa;;YAC5B,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,MAAM,IAAI,YAAY,CAAC,0BAA0B,EAAE,GAAG,CAAC,CAAC;YAC1D,CAAC;YAED,MAAM,SAAS,GAAgB,CAC7B,MAAM,IAAI,CAAC,cAAc,CAAC,UAAU,CAAC;gBACnC,IAAI,EAAE,UAAU,CAAC,UAAU;gBAC3B,KAAK,EAAE,KAAK;aACb,CAAC,CACH,CAAC,IAAI,CAAC;YAEP,IAAI,CAAC,SAAS,IAAI,SAAS,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBACzC,MAAM,IAAI,YAAY,CAAC,yBAAyB,EAAE,GAAG,CAAC,CAAC;YACzD,CAAC;YAED,IAAI,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;gBACjC,MAAM,IAAI,YAAY,CAAC,uBAAuB,EAAE,GAAG,CAAC,CAAC;YACvD,CAAC;YAED,OAAO,SAAS,CAAC,CAAC,CAAC,CAAC;QACtB,CAAC;KAAA;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OA6CG;IACG,MAAM,CAAC,MAA6B;;YACxC,IAAI,IAAI,IAAI,MAAM,EAAE,CAAC;gBACnB,MAAM,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,MAAM,CAAC,EAAE,CAAC,CAAC;gBAC5C,OAAO;YACT,CAAC;YAED,IAAI,SAAS,IAAI,MAAM,IAAI,QAAQ,IAAI,MAAM,IAAI,SAAS,IAAI,MAAM,EAAE,CAAC;gBACrE,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,GAAG,MAAM,IAAI,CAAC,QAAQ,CAAC;oBAC/C,OAAO,EAAE,MAAM,CAAC,OAAO;oBACvB,MAAM,EAAE,MAAM,CAAC,MAAM;oBACrB,OAAO,EAAE,MAAM,CAAC,OAAO;iBACxB,CAAC,CAAC;gBAEH,MAAM,IAAI,CAAC,MAAM,CAAC,EAAE,EAAE,EAAE,UAAU,CAAC,CAAC,CAAC,CAAC,OAAO,EAAE,CAAC,CAAC;YACnD,CAAC;QACH,CAAC;KAAA;IAED,0CAA0C;IAC1C,SAAS,CAAC,SAAoB;QAC5B,OAAO,SAAS,CAAC,SAAS,GAAG,CAAC,IAAI,IAAI,EAAE,CAAC;IAC3C,CAAC;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAiDG;IACG,QAAQ,CAAC,MAAsB;;YACnC,MAAM,EAAE,MAAM,EAAE,OAAO,EAAE,OAAO,EAAE,UAAU,EAAE,SAAS,EAAE,SAAS,EAAE,GAAG,MAAM,CAAC;YAE9E,IAAI,KAAK,GAAiB,IAAI,CAAC;YAE/B,gCAAgC;YAChC,IAAI,MAAM,IAAI,OAAO,IAAI,OAAO,EAAE,CAAC;gBACjC,KAAK,GAAG;oBACN,IAAI,EAAE,UAAU,CAAC,oBAAoB;oBACrC,KAAK,EAAE,OAAO,CAAC,YAAY,CAAC,MAAM,EAAE,OAAO,EAAE,OAAO,CAAC;iBACtD,CAAC;YACJ,CAAC;YAED,uBAAuB;iBAClB,IAAI,OAAO,IAAI,OAAO,EAAE,CAAC;gBAC5B,KAAK,GAAG;oBACN,IAAI,EAAE,UAAU,CAAC,cAAc;oBAC/B,KAAK,EAAE,OAAO,CAAC,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC;iBAC9C,CAAC;YACJ,CAAC;YAED,aAAa;iBACR,IAAI,OAAO,EAAE,CAAC;gBACjB,KAAK,GAAG;oBACN,IAAI,EAAE,UAAU,CAAC,OAAO;oBACxB,KAAK,EAAE,OAAO;iBACf,CAAC;YACJ,CAAC;YAED,IAAI,CAAC,KAAK,EAAE,CAAC;gBACX,MAAM,IAAI,YAAY,CAAC,gEAAgE,EAAE,GAAG,CAAC,CAAC;YAChG,CAAC;YAED,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,SAAS,EAAE,aAAa,EAAE,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,UAAU,CACzF,KAAK,EACL,UAAU,EACV,SAAS,EACT,SAAS,CACV,CAAC;YAEF,IAAI,KAAK,CAAC,IAAI,KAAK,UAAU,CAAC,oBAAoB,IAAI,UAAU,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;gBAC9E,MAAM,IAAI,YAAY,CAAC,yBAAyB,EAAE,GAAG,CAAC,CAAC;YACzD,CAAC;YAED,OAAO,EAAE,IAAI,EAAE,UAAU,EAAE,SAAS,EAAE,aAAa,EAAE,CAAC;QACxD,CAAC;KAAA;IAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;OAqCG;IACG,GAAG,CAAC,EAAU;;YAClB,IAAI,CAAC,EAAE,EAAE,CAAC;gBACR,MAAM,IAAI,YAAY,CAAC,uBAAuB,EAAE,GAAG,CAAC,CAAC;YACvD,CAAC;YAED,MAAM,SAAS,GAAG,MAAM,IAAI,CAAC,cAAc,CAAC,GAAG,CAAC,EAAE,CAAC,CAAC;YAEpD,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,MAAM,IAAI,YAAY,CAAC,yBAAyB,EAAE,GAAG,CAAC,CAAC;YACzD,CAAC;YAED,OAAO,SAAS,CAAC;QACnB,CAAC;KAAA;CACF"}

package/dist/src/controller/sp-config.d.ts

@@ -0,0 +1,22 @@
+import type { JacksonOption } from '../typings';
+export declare class SPSSOConfig {
+    private opts;
+    constructor(opts: JacksonOption);
+    private get acsUrl();
+    private get entityId();
+    private get responseSigned();
+    private get assertionSignature();
+    private get signatureAlgorithm();
+    get oidcRedirectURI(): string;
+    get(): Promise<{
+        acsUrl: string;
+        entityId: string;
+        response: string;
+        assertionSignature: string;
+        signatureAlgorithm: string;
+        publicKey: string;
+        publicKeyString: string;
+    }>;
+    toMarkdown(): string;
+    toXMLMetadata(encryption?: boolean): Promise<string>;
+}

package/dist/src/controller/sp-config.js

@@ -0,0 +1,89 @@
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+import saml20 from '@boxyhq/saml20';
+import { getDefaultCertificate } from '../saml/x509';
+// Service Provider SSO Configuration
+export class SPSSOConfig {
+    constructor(opts) {
+        this.opts = opts;
+    }
+    get acsUrl() {
+        return `${this.opts.externalUrl}${this.opts.samlPath}`;
+    }
+    get entityId() {
+        return `${this.opts.samlAudience}`;
+    }
+    get responseSigned() {
+        return 'Signed';
+    }
+    get assertionSignature() {
+        return 'Signed';
+    }
+    get signatureAlgorithm() {
+        return 'RSA-SHA256';
+    }
+    get oidcRedirectURI() {
+        return `${this.opts.externalUrl}${this.opts.oidcPath}`;
+    }
+    get() {
+        return __awaiter(this, void 0, void 0, function* () {
+            const cert = yield getDefaultCertificate();
+            return {
+                acsUrl: this.acsUrl,
+                entityId: this.entityId,
+                response: this.responseSigned,
+                assertionSignature: this.assertionSignature,
+                signatureAlgorithm: this.signatureAlgorithm,
+                publicKey: cert.publicKey,
+                publicKeyString: saml20.stripCertHeaderAndFooter(cert.publicKey),
+            };
+        });
+    }
+    toMarkdown() {
+        return markdownTemplate
+            .replace('{{acsUrl}}', this.acsUrl)
+            .replace('{{entityId}}', this.entityId)
+            .replace('{{responseSigned}}', this.responseSigned)
+            .replace('{{assertionSignature}}', this.assertionSignature)
+            .replace('{{signatureAlgorithm}}', this.signatureAlgorithm);
+    }
+    toXMLMetadata() {
+        return __awaiter(this, arguments, void 0, function* (encryption = false) {
+            const { entityId, acsUrl, publicKeyString } = yield this.get();
+            return saml20.createSPMetadataXML({ entityId, acsUrl, publicKeyString, encryption });
+        });
+    }
+}
+const markdownTemplate = `
+## Service Provider (SP) SAML Configuration
+
+Your Identity Provider (IdP) will ask for the following information while configuring the SAML application. Share this information with your IT administrator.
+
+For provider specific instructions, refer to our <a href="https://boxyhq.com/docs/jackson/sso-providers" target="_blank">guides</a>
+
+**ACS (Assertion Consumer Service) URL / Single Sign-On URL / Destination URL** <br />
+{{acsUrl}}
+
+**SP Entity ID / Identifier / Audience URI / Audience Restriction** <br />
+{{entityId}}
+
+**Response** <br />
+{{responseSigned}}
+
+**Assertion Signature** <br />
+{{assertionSignature}}
+
+**Signature Algorithm** <br />
+{{signatureAlgorithm}}
+
+**Assertion Encryption** <br />
+If you want to encrypt the assertion, you can download our [public certificate](/.well-known/saml.cer). Otherwise select the 'Unencrypted' option.
+`;
+//# sourceMappingURL=sp-config.js.map

package/dist/src/controller/sp-config.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"sp-config.js","sourceRoot":"","sources":["../../../src/controller/sp-config.ts"],"names":[],"mappings":";;;;;;;;;AAEA,OAAO,MAAM,MAAM,gBAAgB,CAAC;AACpC,OAAO,EAAE,qBAAqB,EAAE,MAAM,cAAc,CAAC;AAErD,qCAAqC;AACrC,MAAM,OAAO,WAAW;IACtB,YAAoB,IAAmB;QAAnB,SAAI,GAAJ,IAAI,CAAe;IAAG,CAAC;IAE3C,IAAY,MAAM;QAChB,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;IACzD,CAAC;IAED,IAAY,QAAQ;QAClB,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,YAAY,EAAE,CAAC;IACrC,CAAC;IAED,IAAY,cAAc;QACxB,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,IAAY,kBAAkB;QAC5B,OAAO,QAAQ,CAAC;IAClB,CAAC;IAED,IAAY,kBAAkB;QAC5B,OAAO,YAAY,CAAC;IACtB,CAAC;IAED,IAAW,eAAe;QACxB,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;IACzD,CAAC;IAEY,GAAG;;YASd,MAAM,IAAI,GAAG,MAAM,qBAAqB,EAAE,CAAC;YAE3C,OAAO;gBACL,MAAM,EAAE,IAAI,CAAC,MAAM;gBACnB,QAAQ,EAAE,IAAI,CAAC,QAAQ;gBACvB,QAAQ,EAAE,IAAI,CAAC,cAAc;gBAC7B,kBAAkB,EAAE,IAAI,CAAC,kBAAkB;gBAC3C,kBAAkB,EAAE,IAAI,CAAC,kBAAkB;gBAC3C,SAAS,EAAE,IAAI,CAAC,SAAS;gBACzB,eAAe,EAAE,MAAM,CAAC,wBAAwB,CAAC,IAAI,CAAC,SAAS,CAAC;aACjE,CAAC;QACJ,CAAC;KAAA;IAEM,UAAU;QACf,OAAO,gBAAgB;aACpB,OAAO,CAAC,YAAY,EAAE,IAAI,CAAC,MAAM,CAAC;aAClC,OAAO,CAAC,cAAc,EAAE,IAAI,CAAC,QAAQ,CAAC;aACtC,OAAO,CAAC,oBAAoB,EAAE,IAAI,CAAC,cAAc,CAAC;aAClD,OAAO,CAAC,wBAAwB,EAAE,IAAI,CAAC,kBAAkB,CAAC;aAC1D,OAAO,CAAC,wBAAwB,EAAE,IAAI,CAAC,kBAAkB,CAAC,CAAC;IAChE,CAAC;IAEY,aAAa;6DAAC,UAAU,GAAG,KAAK;YAC3C,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,eAAe,EAAE,GAAG,MAAM,IAAI,CAAC,GAAG,EAAE,CAAC;YAE/D,OAAO,MAAM,CAAC,mBAAmB,CAAC,EAAE,QAAQ,EAAE,MAAM,EAAE,eAAe,EAAE,UAAU,EAAE,CAAC,CAAC;QACvF,CAAC;KAAA;CACF;AAED,MAAM,gBAAgB,GAAG;;;;;;;;;;;;;;;;;;;;;;;;CAwBxB,CAAC"}

package/dist/src/controller/sso-handler.d.ts

@@ -0,0 +1,66 @@
+import type { SAMLProfile } from '@boxyhq/saml20/dist/typings';
+import type { JacksonOption, Storable, SAMLSSORecord, OIDCSSORecord, IdentityFederationApp, SSOTracesInstance, SSOTrace } from '../typings';
+export declare class SSOHandler {
+    private connection;
+    private session;
+    private opts;
+    constructor({ connection, session, opts, }: {
+        connection: Storable;
+        session: Storable;
+        opts: JacksonOption;
+    });
+    resolveConnection(params: {
+        authFlow: 'oauth' | 'saml' | 'idp-initiated';
+        originalParams: Record<string, any>;
+        tenant?: string;
+        product?: string;
+        entityId?: string;
+        iss?: string;
+        idp_hint?: string;
+        idFedAppId?: string;
+        fedType?: string;
+        thirdPartyLogin?: {
+            idpInitiatorType?: 'oidc' | 'saml';
+            iss?: string;
+            target_link_uri?: string;
+        };
+        tenants?: string[];
+        ssoTraces?: {
+            instance: SSOTracesInstance;
+            context: SSOTrace['context'];
+        };
+    }): Promise<{
+        connection: SAMLSSORecord | OIDCSSORecord;
+    } | {
+        redirectUrl: string;
+    } | {
+        postForm: string;
+    }>;
+    createSAMLRequest({ connection, requestParams, mappings, }: {
+        connection: SAMLSSORecord;
+        requestParams: Record<string, any>;
+        mappings: IdentityFederationApp['mappings'];
+    }): Promise<{
+        redirect_url: any;
+        authorize_form: any;
+    }>;
+    createOIDCRequest({ connection, requestParams, mappings, ssoTraces, }: {
+        connection: OIDCSSORecord;
+        requestParams: Record<string, any>;
+        mappings: IdentityFederationApp['mappings'];
+        ssoTraces: {
+            instance: SSOTracesInstance;
+            context: SSOTrace['context'];
+        };
+    }): Promise<{
+        redirect_url: any;
+        authorize_form: null;
+    }>;
+    createSAMLResponse: ({ profile, session }: {
+        profile: SAMLProfile;
+        session: any;
+    }) => Promise<{
+        responseForm: any;
+    }>;
+    private createSession;
+}